Failing Business (Home) Continuity Plans

I admit it. I’m a bit of a prepper. This is likely the case for anyone in the risk management profession, and even more so if you live on an island like I do (Maui). We can run out of food and supplies. Our critical infrastructure has little redundancy. If one...
OT Visibility & Detection Market – Q4 2021 Update

The OT Visibility and Detection Market has consolidated to a big 3 of pure plays, a handful of enterprise vendors who have acquired their way into OT, and the niche players whose best hope is to get acquired before the music stops. With the war chests full, this...
ICS Security Maturity Model (Levels 4 – 6)

See Part 1 with Levels 1 – 3. I must admit I switched the order of Basic Detection and Eliminate High Consequence Events multiple times in writing this article. As always I welcome your comments, including your own maturity levels. Maturity Level 4: Basic...
ICS Security Maturity Model (What To Do In What Order)

A reader (Paul) wrote in with the following question: Do you have any recommendations on how to iteratively and pragmatically raise the bar (i.e. security/maturity)? The models I’ve seen push asset inventory/visibility and cyber hygiene to the front, which makes...
Hidden Value In Creating Cybersecurity Audit Programs

One of my first tasks after leaving NSA for private industry in the early 90s was to write my new company’s information security policy. I’m not sure my previous job as a cryptanalyst left me qualified for this, but I was viewed as the security guy. So, I attacked the...
Who Manages The Edge?

Bryan Owen in his OnRamp ICS Cloud Services module described open and closed loop cloud services. Securing open loop cloud services is simple because communications can be limited to pushing ICS data to the cloud. Closed loop cloud services can involve the external...
Try Different Roles & Companies In Your First Two Decades

It’s hard to keep up with all the movement of OT security professionals between companies: Tim Yardley, Zachery Lambert, Isiah Jones, Pascal Ackerman, Ron Brash, … There is no sign that demand for OT security pros will diminish in the next 1 to 3...
Supply Chain Cybersecurity: Calamity or Shoulder Shrug II

In August, I wrote about the likely hyperbole in an article, Cybersecurity Risks Loom Large In Hospitals. The financial risk stated in the article that “loomed large” was tiny compared to other financial risks at a large hospital. The numbers in that...
(You Should Have) Zero Trust In PLCs

Last week at the Singapore CSA OTCEP event a panel I was on received the question: what do we think about the use of zero trust in OT? I’m not sure why we all hesitated to answer. Being polite? Unsure of how to answer? Tired from jet lag or crazy time zones? I...
Overwhelmed With Shoulds And Shalls

Last week the US Government published the Preliminary Critical Infrastructure System Cybersecurity Performance Goals and Objectives that included nine categories of recommended practices. Last week the US Government also published a draft of SP1800-10 Protecting...